General
-
Target
9e9de1c56cc0ad05bbf7bec475b22b3527134fa0b6e2d5de7e6146c0a4b914a5
-
Size
1.7MB
-
Sample
221202-s2f61seh3w
-
MD5
b1c734b2e0f08242df856c7bb40d38bf
-
SHA1
4bac1fb404c6440a5e913a3589d6ab7a6be860ff
-
SHA256
9e9de1c56cc0ad05bbf7bec475b22b3527134fa0b6e2d5de7e6146c0a4b914a5
-
SHA512
0e87af77014ae554c2881e0580c7c2fae483c2a457ef8c5f5f4f225e69dec62fa782f23b245e56bab5729ac64df2d82a0948c42d46a735325a134cc6bb3a89fc
-
SSDEEP
49152:pJZoQrbTFZY1iaCABJde0YXZglrBwCV1vZFyQ7jiIu2Ktgs:ptrbTA1NdeRDQZU+jiUUn
Malware Config
Extracted
darkcomet
Guest16
geluna.zapto.org:1604
DC_MUTEX-VGEKRTT
-
gencode
zH9WcfNESPzT
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
9e9de1c56cc0ad05bbf7bec475b22b3527134fa0b6e2d5de7e6146c0a4b914a5
-
Size
1.7MB
-
MD5
b1c734b2e0f08242df856c7bb40d38bf
-
SHA1
4bac1fb404c6440a5e913a3589d6ab7a6be860ff
-
SHA256
9e9de1c56cc0ad05bbf7bec475b22b3527134fa0b6e2d5de7e6146c0a4b914a5
-
SHA512
0e87af77014ae554c2881e0580c7c2fae483c2a457ef8c5f5f4f225e69dec62fa782f23b245e56bab5729ac64df2d82a0948c42d46a735325a134cc6bb3a89fc
-
SSDEEP
49152:pJZoQrbTFZY1iaCABJde0YXZglrBwCV1vZFyQ7jiIu2Ktgs:ptrbTA1NdeRDQZU+jiUUn
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-